Try our new research platform with insights from 80,000+ expert users

CucumberStudio vs Veracode comparison

SmartBear and Veracode are both solutions in the Dynamic Application Security Testing (DAST) category. Additionally, 91% of SmartBear users are willing to recommend the solution, compared to 90% of Veracode users who would recommend it.
CucumberStudio
Read 12 CucumberStudio reviews
  • 418 Views
  • 29 Comparison Views
91% willing to recommend
Veracode
Read 204 Veracode reviews
    90% willing to recommend
     

    Comparison Buyer's Guide

    Download the report
    Executive Summary
    We performed a comparison between CucumberStudio and Veracode based on real PeerSpot user reviews.

    Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

    DOWNLOAD THE COMPLETE REPORT
    To learn more, read our detailed CucumberStudio vs. Veracode Report (Updated: October 2025).
    Buyer's Guide
    CucumberStudio vs. Veracode
    October 2025
    Download the complete report
    Helped 872,029 peers since 2012

    Review summaries and opinions

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Categories and Ranking

    CucumberStudio
    Average Rating
    8.0
    Reviews Sentiment
    7.1
    Number of Reviews
    12
    Ranking in other categories
    Rapid Application Development Software (25th), Dynamic Application Security Testing (DAST) (8th)
    Veracode
    Average Rating
    8.2
    Reviews Sentiment
    6.9
    Number of Reviews
    204
    Ranking in other categories
    Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)
     

    Featured Reviews

    Walter Wirch - PeerSpot reviewer
    Facilitates integration of test scenarios while needing modernization of components
    CucumberStudio is primarily used for designing test scenarios and automating testing. We have implemented it in conjunction with our own routines for integration into our infrastructure CucumberStudio aligns with our strategy for data-driven testing. It supports our product owners in designing…
    Read full review
    Kv Rao - PeerSpot reviewer
    Integrates pipelines smoothly and fortifies code against vulnerabilities
    I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…
    Read full review

    Quotes from Members

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Pros

    "The URL is very useful, and it has a very good UI for deploying information of the scenarios created."
    "The best thing is that a person without knowledge about the program can easily understand what happened in our testing process."
    "CucumberStudio has a very user-friendly interface."
    "The data table that helps in converting a single script to multiple test cases is very helpful."
    "The most valuable feature of CucumberStudio is its use of action words, which allows me to avoid writing test cases from scratch for the most common scenarios."
    "The solution is stable."
    "CucumberStudio aligns with our strategy for data-driven testing."
    "CucumberStudio aligns with our strategy for data-driven testing."
    "The solution can scan old databases and old code written 20 years back."
    "The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
    "The coverage of backdoors attacks on security that's the most valuable for my clients."
    "We have to look at it from the perspectives of how important it is to fix something and when it should be prioritized for fixing. The JSON output from the agent-based scans gives us the CVS core, and that makes things much easier."
    "When we do have errors, Veracode is always available, their consultants, to help us either mitigate the error, or provide technical assistance on pointing exactly where the problem is and how we could probably fix it. I'm always amazed at how knowledgeable they are."
    "The solution is a specialist in SAST that you can rely on. Code scanning is fast with current, updated algorithms​."
    "We use Veracode static analysis during development to eliminate vulnerability issues"
    "The security team can track the remediation and risk acceptance statistics."
    More Veracode pros
     

    Cons

    "I would like to see better customer support."
    "I think it would be better if we could also do the reporting with CucumberStudio."
    "A key area for improvement is to revamp outdated components such as HipTest publisher."
    "A key area for improvement is to revamp outdated components such as HipTest publisher."
    "The reporting needs to be improved."
    "Another kind of deployment might be useful, perhaps an option to install the tool in a local deployment."
    "CucumberStudio's API integration could be improved both in terms of reliability and design."
    "The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
    "Veracode should include the feature to run multiple scales at a time."
    "The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives."
    "Veracode needs to shift to a more modern approach because it still feels traditional in its way of doing code scanning compared with others, such as Snyk."
    "Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
    "A nice addition would be if it could be extended for scenarios with custom cleansers."
    "The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity."
    "When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us."
    More Veracode cons
     

    Pricing and Cost Advice

    Information not available
    "I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turn around time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms."
    "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
    "I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
    "The pricing for Veracode is high, making it difficult for beginners to afford."
    "The pricing and licensing are reasonable, and relatively straightforward, and different licensing and subscription models are available."
    "The solution is expensive."
    "Veracode's price is high. I would like them to better optimize their pricing."
    "The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."
    More Veracode pricing and cost advice
    report
    See which vendors are best for you
    Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
    See recommendations
    872,029 professionals have used our research since 2012.
     

    Top Industries

    By visitors reading reviews
    No data available
    Financial Services Firm
    17%
    Computer Software Company
    15%
    Manufacturing Company
    9%
    Government
    6%
     

    Company Size

    By reviewers
    Large Enterprise
    Midsize Enterprise
    Small Business
    By reviewers
    Company SizeCount
    Small Business3
    Midsize Enterprise3
    Large Enterprise4
    By reviewers
    Company SizeCount
    Small Business69
    Midsize Enterprise43
    Large Enterprise112
     

    Questions from the Community

    What needs improvement with Hiptest?
    CucumberStudio's API integration could be improved both in terms of reliability and design. The API requires data to be sent in a specific format, which takes time to build. Additionally, the repor...
    See all answers
    What is your primary use case for Hiptest?
    I use CucumberStudio as a test case repository. All of our test cases are stored there. It is also part of our test planning process. For every sprint, we plan the test cases in CucumberStudio and ...
    See all answers
    What advice do you have for others considering Hiptest?
    For teams following a BDD style software development approach, CucumberStudio is a great collaborative tool that covers all the basic requirements of a test management tool. I would rate CucumberSt...
    See all answers
    Which gives you more for your money - SonarQube or Veracode?
    SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
    See all answers
    What do you like most about Veracode Static Analysis?
    I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.
    See all answers
    What is your experience regarding pricing and costs for Veracode Static Analysis?
    When considering pricing, Veracode stands out due to its lower cost per service and more scalable options. It offers nearly five security testing features within its own service, making it a compet...
    See all answers
     

    Comparisons

    TestRail vs CucumberStudio Logo
    TestRail vs CucumberStudio
    Compared 58% of the time
    GitHub CoPilot vs CucumberStudio Logo
    GitHub CoPilot vs CucumberStudio
    Compared 42% of the time
    More CucumberStudio Competitors
    SonarQube Server (formerly SonarQube) vs Veracode Logo
    SonarQube Server (formerly SonarQube) vs Veracode
    Compared 15% of the time
    Checkmarx One vs Veracode Logo
    Checkmarx One vs Veracode
    Compared 9% of the time
    GitHub Advanced Security vs Veracode Logo
    GitHub Advanced Security vs Veracode
    Compared 7% of the time
    OWASP Zap vs Veracode Logo
    OWASP Zap vs Veracode
    Compared 4% of the time
    OpenText Core Application Security vs Veracode Logo
    OpenText Core Application Security vs Veracode
    Compared 4% of the time
    More Veracode Competitors
     

    Product Reports

    Buyer's Guide
    Rapid Application Development Software
    October 2025
    CucumberStudio reportDownload CucumberStudio product report
    Buyer's Guide
    Veracode
    October 2025
    Veracode reportDownload Veracode product report
     

    Also Known As

    Hiptest
    Crashtest Security , Veracode Detect
     

    Overview

    Formerly HipTest: CucumberStudio is the leading collaboration platform for BDD - an easy-to-use tool to define ideas, test code, and learn in production from real-time insight.

    SmartBear

    Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

    Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

    What are the key features of Veracode?

    • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
    • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
    • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
    • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
    • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

    What benefits should users consider in Veracode reviews?

    • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
    • Scalability - Supports organizations with large-scale application portfolios.
    • Compliance support - Ensures applications meet various security standards and regulations.
    • Developer training - Provides tools for educating developers on secure coding practices.
    • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

    Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


    Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

    Veracode
     

    Sample Customers

    Cisco, Cardinal Health, Intuit, Smartbox, Accenture, Deliveroo
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Buyer's Guide
    CucumberStudio vs. Veracode
    October 2025
    Free Report: CucumberStudio vs. Veracode
    Find out what your peers are saying about CucumberStudio vs. Veracode and other solutions. Updated: October 2025.
    DOWNLOAD NOW
    872,029 professionals have used our research since 2012.
    See our CucumberStudio vs. Veracode report.
    See our list of best Dynamic Application Security Testing (DAST) vendors.

    We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.